[
https://issues.apache.org/jira/browse/OFBIZ-11717?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jacques Le Roux updated OFBIZ-11717:
------------------------------------
Description:
To sum up, for a start:
We now use [HSTS|
https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.md] and we have the http.request-map.list for the request which should be send not secured.
So the https attribute of the request-map->security elements, which is false by default no longer makes any sense.
My intention is to remove it, but it hides a number of other things. So we need to be careful. For instance, OFBIZ-11643 was a 1st aborted attempt. And anyway there is not security related so this is not an OFBIZ-1525 subtask
was:There is much to say here, but I'll put the description later...
> Clean how HTTP vs HTTPS is handled
> -----------------------------------
>
> Key: OFBIZ-11717
> URL:
https://issues.apache.org/jira/browse/OFBIZ-11717> Project: OFBiz
> Issue Type: Improvement
> Components: ALL COMPONENTS
> Affects Versions: Trunk
> Reporter: Jacques Le Roux
> Assignee: Jacques Le Roux
> Priority: Minor
>
> To sum up, for a start:
> We now use [HSTS|
https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.md] and we have the http.request-map.list for the request which should be send not secured.
> So the https attribute of the request-map->security elements, which is false by default no longer makes any sense.
> My intention is to remove it, but it hides a number of other things. So we need to be careful. For instance, OFBIZ-11643 was a 1st aborted attempt. And anyway there is not security related so this is not an OFBIZ-1525 subtask
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
Locked
